44CON 2016 Training

This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. We’ll examine UART, JTAG and SPI interfaces on both ARM and MIPS embedded devices, representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. We will observe, interact with, and exploit each interface to use physical access to enable software privilege.

This year, we bring you a brand new class. The ARM Exploit Laboratory debuts in 2016, bringing you an intense 3 day course featuring a practical hands-on approach to exploit development on ARM based systems.

Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique hands-on training! Dawid Czagan will discuss security bugs that he has found together with Michal Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack and secure mobile applications on the iOS and Android platforms.

PwnAdventure is a custom 3D MMORPG created for the Ghost in the Shellcode CTF and it’s now been transformed into a hands-on reverse engineering training class. Learn the basics of binary reverse engineering, custom network protocol analysis, all while granting yourself in-game superpowers and pwning newbs with your FPS skills.

The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

This training is focused on exploitation of different Windows Kernel Mode vulnerabilities ranging from Pool Overflow to Use after Free. We will cover basics of Windows Kernel Internals and hands-on fuzzing of Windows Kernel Mode drivers. We will dive deep into exploit development of various kernel mode vulnerabilities. We will also look into different vulnerabilities in terms of code and the mitigations applied to fix the respective vulnerabilities.

Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton